Hi,
here's a documentation patch for the check keyword.
regards,
Jérôme
>From 10e90939d9fd1bd4f1e651d679d0b99e8da91afb Mon Sep 17 00:00:00 2001
From: Jerome Magnin <jmag...@haproxy.com>
Date: Sun, 26 Apr 2020 14:23:04 +0200
Subject: [PATCH] DOC: give a more accurate description of what check does
The documentation for check implies that without an optional l7
check configured, it enables simple tcp checks. What it actually
does is check that every configured handshake on the server line
can be established.
# simple tcp connect
backend foo
server s1 192.168.0.1:80 check
# this does a tcp connect + tls handshake
backend foo
server s1 192.168.0.1;443 ssl check
# simple tcp connect is enough for check success
backend foo
option tcp-check
tcp-check connect
server s1 192.168.0.1:443 ssl check
---
doc/configuration.txt | 38 +++++++++++++++++++++++++++-----------
1 file changed, 27 insertions(+), 11 deletions(-)
diff --git a/doc/configuration.txt b/doc/configuration.txt
index 676d5a075..faf5a54bc 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -12112,17 +12112,33 @@ ca-file <cafile>
check
This option enables health checks on the server. By default, a server is
- always considered available. If "check" is set, the server is available when
- accepting periodic TCP connections, to ensure that it is really able to serve
- requests. The default address and port to send the tests to are those of the
- server, and the default source is the same as the one defined in the
- backend. It is possible to change the address using the "addr" parameter, the
- port using the "port" parameter, the source address using the "source"
- address, and the interval and timers using the "inter", "rise" and "fall"
- parameters. The request method is define in the backend using the "httpchk",
- "smtpchk", "mysql-check", "pgsql-check" and "ssl-hello-chk" options. Please
- refer to those options and parameters for more information. See also
- "no-check" option.
+ always considered available. If "check" is set, the server is considered
+ available when all the handshakes configured on the server line can be
+ established, or when an optional layer 7 health check succeeds. This is to
+ ensure that the server is really able to handle requests. The default address
+ and port to send health checks to are those of the server, and the default
+ source address is the same as the one defined in the backend. It is possible
+ to change the destination address using the "addr" parameter, the port using
+ the "port" parameter, the source address using the "source" parameter, and
the
+ interval and timers using the "inter", "rise" and "fall" parameters. Optional
+ layer 7 checks can be configured with the "httpchk", "smtpchk",
"mysql-check",
+ "pgsql-check" and "ssl-hello-check" options. When ssl is configured on the
+ server line, "option tcp-check" and "tcp-check connect" can be used to
refrain
+ from establishing the tls hanshake during health checks. Please refer to
those
+ options and parameters for more information. See also "no-check" and
"check-ssl".
+
+ Example:
+ # simple tcp connect
+ backend foo
+ server s1 192.168.0.1:80 check
+ # this does a tcp connect + tls handshake
+ backend foo
+ server s1 192.168.0.1;443 ssl check
+ # simple tcp connect is enough for check success
+ backend foo
+ option tcp-check
+ tcp-check connect
+ server s1 192.168.0.1:443 ssl check
check-send-proxy
This option forces emission of a PROXY protocol line with outgoing health
--
2.26.2
